[cups.development] Dangerous usage of strncat, possible buffer overrun in file usb-darwin.c
Michael R Sweet
msweet at apple.com
Tue Jun 30 14:50:48 PDT 2009
Ettl Martin wrote:
> Hello all,
>
> I have checked the sources of cups with the static code analysis tool cppcheck. It found an issue in file usb-darwin.c and printed the following output:
>
>
> [cups-1.3.10/backend/usb-darwin.c:1039]: (all) Dangerous usage of strncat, possible buffer overrun
>
> Take a look at the code:
Please file bugs here:
http://www.cups.org/str.php
In this case, it is extremely unlikely that we'd come close to using
all of the space in uristr anyways - make, model, and serial come
from the device ID, which is the same size...
The code should be using strlcat, obviously.
--
______________________________________________________________________
Michael R Sweet Senior Printing System Engineer
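
Added example, not part of the original message and not CUPS code: strncat's third argument limits the bytes appended, not the total size of the destination, whereas a strlcat-style call takes the full buffer size and reports truncation. The flagged line is not shown on the page, so the helper names, the URI layout and the make/model/serial values below are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* strlcat-style append: size is the TOTAL size of dst. Returns the length
 * the result would have had, so a return >= size means truncation. */
static size_t bounded_cat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);  /* never scan past dst */
    size_t dlen = end ? (size_t)(end - dst) : size;
    size_t slen = strlen(src);

    if (dlen == size)               /* dst not NUL-terminated within size */
        return size + slen;
    size_t room = size - dlen - 1;  /* free bytes, excluding the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* The bound strncat needs: bytes still free, minus one for the NUL that
 * strncat always writes. Passing sizeof(dst) instead can overrun dst. */
static size_t strncat_room(const char *dst, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    return end ? size - (size_t)(end - dst) - 1 : 0;
}

/* Builds a URI from constructed make/model/serial values.
 * Returns 0 on success, -1 if the result did not fit. */
static int build_uri(char *uri, size_t size, const char *make,
                     const char *model, const char *serial)
{
    const char *parts[] = { "usb://", make, "/", model, "?serial=", serial };
    if (size == 0) return -1;
    uri[0] = '\0';
    for (size_t i = 0; i < sizeof(parts) / sizeof(parts[0]); i++)
        if (bounded_cat(uri, parts[i], size) >= size)
            return -1;
    return 0;
}

int main(void)
{
    char uri[32];  /* deliberately small so the sample values truncate */
    int rc = build_uri(uri, sizeof(uri), "Acme", "LaserJet-9000", "SN0123456789");
    printf("rc=%d uri=%s room=%zu\n", rc, uri, strncat_room(uri, sizeof(uri)));
    return 0;
}
```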